Hi everyone! I've recently come across an intriguing aspect of interrupts: it appears that the kernel can be interrupted even when local_irq_disable() is called.
I'd like to share some code snippets to illustrate this:
Code:
/* kernel module */
/*
dummy function to add a controllable latency
*/
static void noop_loop(unsigned long num)
{
int i, j;
unsigned long num_c = num;
for (j=0; j<num; j++) {
for (i=0; i<(sizeof(device_state)/sizeof(device_state[0])); i++) {
device_state[i] = num_c;
num_c *= 3;
}
}
}
static long tw_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
{
unsigned long long tw_enter, tw_leave;
switch (cmd) {
case TW_DEMO:
local_irq_disable();
tw_enter = rdtsc_ordered();
noop_loop(arg);
tw_leave = rdtsc_ordered();
local_irq_enable();
return tw_leave - tw_enter;
}
return -1;
}
/* user-space */
void demo_tw_ext(void)
{
int ret, i;
unsigned long counter = 0, cnt = 0;;
pin_task_to(0);
puts("[*] normal time window");
for (i=1; i<=10; i++) {
printf("[*] tw=>%d\n", ioctl(fd, TW_DEMO, 1));
}
while (1) {
counter++;
ret = ioctl(fd, TW_DEMO, 1);
if (ret > 20000) {
cnt++;
printf("[+] [%u] tw=>%d, catch time window extension in %lu attempts\n", cnt, ret, counter);
if (cnt >= 10)
break;
}
}
puts("[*] time window measure demo done\n");
}
The resulting output is as follows:
Quote:
$ sudo ./interface
[*] normal time window
[*] tw=>1266
[*] tw=>770
[*] tw=>782
[*] tw=>778
[*] tw=>775
[*] tw=>783
[*] tw=>783
[*] tw=>778
[*] tw=>770
[*] tw=>762
[+] [1] tw=>39248, catch time window extension in 39305 attempts
[+] [2] tw=>75431, catch time window extension in 347607 attempts
[+] [3] tw=>37828, catch time window extension in 710853 attempts
[+] [4] tw=>52159, catch time window extension in 715386 attempts
[+] [5] tw=>61467, catch time window extension in 716299 attempts
[+] [6] tw=>37778, catch time window extension in 732457 attempts
[+] [7] tw=>49331, catch time window extension in 738861 attempts
[+] [8] tw=>67860, catch time window extension in 750552 attempts
[+] [9] tw=>38113, catch time window extension in 786872 attempts
[+] [10] tw=>57824, catch time window extension in 789542 attempts
[*] time window measure demo done
|
Based on my understanding, the kernel should not be interrupted while executing noop_loop() because the IRQ is disabled. Consequently, the time window measured by the two rdtsc_ordered() calls should remain stable.
This behavior can be reproduced on both virtual machines (with hardware-assisted virtualization) and physical machines (both AMD and Intel CPUs with the constant_tsc flag). I've also attempted to use the event tracing framework, but the trace log did not indicate any activity within the time window.
If anyone has insights into how the CPU can be interrupted with IRQ disabled or suggestions on how to debug this further, I would greatly appreciate it!
kernel execution gets interrupted with local_irq_disabled()
